IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to arbitrary code execution and SQL injection due to Apache Log4j. (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)

Authors: Created by IBM

Multiple vulnerabilities exist in the Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application.The same Apache library is also used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2.All vulnerabilities have been addressed previously by removing all existing Apache Log4j versions....

CVEID: CVE-2022-23302 ^[1]
DESCRIPTION: Apache Log4j could allow a remote authenticated

Just published by IBM: Read more